Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/947affd6-7fb7-47f3-9a70-095fbfb12912.roa
File:                     947affd6-7fb7-47f3-9a70-095fbfb12912.roa (raw, json)
Hash identifier:          bUyEV9GzADQ+el8Do1Y4mfxyXd6SS52beWUlP1KAu80=
Subject key identifier:   FF:BF:58:51:9C:0A:A0:DF:73:2C:2C:A3:41:AB:F7:17:9A:DA:B7:5F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2AD9BD58F8BC13A627179DF235B00149E9F13B41
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/947affd6-7fb7-47f3-9a70-095fbfb12912.roa
Signing time:             Thu 24 Aug 2023 00:00:00 +0000
ROA not before:           Thu 24 Aug 2023 00:00:00 +0000
ROA not after:            Thu 28 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:d9:bd:58:f8:bc:13:a6:27:17:9d:f2:35:b0:01:49:e9:f1:3b:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 24 00:00:00 2023 GMT
            Not After : Sep 28 23:59:59 2023 GMT
        Subject: serialNumber=4dfc441afdcc53f2249eebb1f3b0271fb23c17bd7ed06b7c4d7f58f2d193de3c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ec:2d:55:de:df:5a:c7:87:b3:53:58:e2:df:
                    02:1d:27:40:42:ad:81:e9:f5:94:c7:d3:93:ea:cd:
                    9a:54:51:ad:7a:9d:47:f8:09:53:d9:38:15:e3:03:
                    a9:6d:c2:18:5d:08:34:df:48:71:27:e3:30:98:cf:
                    95:9c:bd:a1:b1:67:d9:63:c1:3c:07:56:ff:a3:75:
                    1f:49:2e:90:07:cc:1c:6c:f9:9c:81:cb:77:a0:ba:
                    03:25:1d:f1:92:ce:ee:d3:10:fa:11:62:a6:c8:9d:
                    57:54:97:ed:37:ef:67:29:8d:67:84:4a:b4:b8:e7:
                    20:96:dc:ec:c8:c2:57:d9:3c:b1:ff:8e:74:bb:c5:
                    2c:2b:4d:9d:e4:f5:1f:bc:12:64:55:4c:a2:a7:7a:
                    7c:e4:8d:b3:d2:35:d6:39:35:08:7c:73:cc:cb:dc:
                    38:93:8d:95:e3:96:8a:5f:de:9d:4e:84:29:27:87:
                    7c:04:70:a9:e4:8d:81:1e:75:17:2e:61:e6:d7:65:
                    c1:ff:62:dc:39:ab:34:7a:53:0e:fa:31:f8:38:51:
                    9b:8d:81:2f:98:9a:e8:10:84:4b:c3:8a:bc:a2:28:
                    d7:81:8e:7b:94:83:d5:76:37:1d:3c:dd:4f:a6:d9:
                    1f:80:79:cd:2a:93:ef:49:07:33:18:4c:fa:b3:17:
                    27:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:BF:58:51:9C:0A:A0:DF:73:2C:2C:A3:41:AB:F7:17:9A:DA:B7:5F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/947affd6-7fb7-47f3-9a70-095fbfb12912.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:bf:69:81:e5:b9:4d:e4:eb:ac:6b:99:07:c3:45:c9:03:92:
         52:04:09:57:04:b9:03:34:b2:ae:21:f5:d3:97:04:f2:91:26:
         54:7b:4e:12:3c:c6:ef:cd:c1:5d:e7:e2:a3:58:a9:46:a7:54:
         a6:c1:f0:0e:0f:cc:bf:c9:8e:2a:73:2b:4d:3b:3d:c6:b4:91:
         f2:c2:06:65:1c:25:a7:f5:2a:35:10:63:9e:5f:f7:34:40:7f:
         61:07:54:30:85:34:92:c7:1d:44:69:8e:0f:b9:33:95:61:1f:
         14:e5:0e:59:1d:8d:db:c0:d3:c1:81:ed:d3:42:fa:fe:c3:a5:
         91:5f:9c:95:a8:c4:84:9e:94:83:94:db:e5:22:1c:73:3c:a1:
         fa:94:60:d1:38:1f:f2:ac:df:51:31:c6:e9:08:4a:98:b3:fa:
         0c:2c:c4:cb:6d:02:36:cf:02:d8:c3:0c:45:0b:71:4d:37:c2:
         2c:04:4c:53:6c:e2:ac:bc:6d:39:24:77:34:19:2e:3f:72:a9:
         96:a4:36:9b:d2:1a:b9:1a:47:87:b8:b9:ea:41:16:f8:6b:09:
         f1:c0:2a:ce:19:76:08:c5:90:73:20:e6:98:32:7a:a7:3a:0b:
         93:4b:13:3f:73:79:1e:20:29:99:1e:82:9f:7c:c4:6a:88:f7:
         d5:3f:08:03
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKtm9WPi8E6YnF53yNbABSenxO0EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODI0MDAwMDAwWhcNMjMwOTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZGZjNDQxYWZkY2M1M2YyMjQ5ZWViYjFmM2IwMjcxZmIy
M2MxN2JkN2VkMDZiN2M0ZDdmNThmMmQxOTNkZTNjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDC7C1V3t9ax4ezU1ji3wIdJ0BCrYHp9ZTH05PqzZpUUa16
nUf4CVPZOBXjA6ltwhhdCDTfSHEn4zCYz5WcvaGxZ9ljwTwHVv+jdR9JLpAHzBxs
+ZyBy3egugMlHfGSzu7TEPoRYqbInVdUl+0372cpjWeESrS45yCW3OzIwlfZPLH/
jnS7xSwrTZ3k9R+8EmRVTKKnenzkjbPSNdY5NQh8c8zL3DiTjZXjlopf3p1OhCkn
h3wEcKnkjYEedRcuYebXZcH/Ytw5qzR6Uw76Mfg4UZuNgS+YmugQhEvDiryiKNeB
jnuUg9V2Nx083U+m2R+Aec0qk+9JBzMYTPqzFycLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/79YUZwKoN9zLCyjQav3F5rat18wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk0N2FmZmQ2LTdmYjctNDdmMy05YTcwLTA5NWZiZmIxMjkxMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAa/aYHluU3k66xrmQfDRckDklIE
CVcEuQM0sq4h9dOXBPKRJlR7ThI8xu/NwV3n4qNYqUanVKbB8A4PzL/JjipzK007
Pca0kfLCBmUcJaf1KjUQY55f9zRAf2EHVDCFNJLHHURpjg+5M5VhHxTlDlkdjdvA
08GB7dNC+v7DpZFfnJWoxISelIOU2+UiHHM8ofqUYNE4H/Ks31ExxukISpiz+gws
xMttAjbPAtjDDEULcU03wiwETFNs4qy8bTkkdzQZLj9yqZakNpvSGrkaR4e4uepB
FvhrCfHAKs4ZdgjFkHMg5pgyeqc6C5NLEz9zeR4gKZkegp98xGqI99U/CAM=
-----END CERTIFICATE-----